Change slap_sasl_authorized to take an Operation instead of a Connection,

for compatibility with proxyAuthz control
Howard Chu 2003-05-24 02:44:46 +00:00
parent 83f0acc1d8
commit 9dace23dec
5 changed files with 13 additions and 13 deletions


@ -740,7 +740,7 @@ static int parseProxyAuthz (
dn.bv_len ? dn.bv_val : "(NULL)", 0 ); dn.bv_len ? dn.bv_val : "(NULL)", 0 );
#endif #endif
rc = slap_sasl_authorized( op->o_conn, &op->o_ndn, &dn ); rc = slap_sasl_authorized( op, &op->o_ndn, &dn );
if( rc ) { if( rc ) {
ch_free( dn.bv_val ); ch_free( dn.bv_val );


@ -869,7 +869,7 @@ LDAP_SLAPD_F (void) slap_sasl2dn LDAP_P((
struct berval *saslname, struct berval *saslname,
struct berval *dn )); struct berval *dn ));
LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P(( LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
Connection *conn, Operation *op,
struct berval *authcid, struct berval *authcid,
struct berval *authzid )); struct berval *authzid ));
LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P(( LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((


@ -752,7 +752,7 @@ slap_sasl_authorize(
AC_MEMCPY( &authzDN, auxvals[1].values[0], sizeof(authzDN) ); AC_MEMCPY( &authzDN, auxvals[1].values[0], sizeof(authzDN) );
rc = slap_sasl_authorized( conn, &authcDN, &authzDN ); rc = slap_sasl_authorized( conn->c_sasl_bindop, &authcDN, &authzDN );
ch_free( authcDN.bv_val ); ch_free( authcDN.bv_val );
if ( rc != LDAP_SUCCESS ) { if ( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
@ -867,7 +867,7 @@ slap_sasl_authorize(
return SASL_NOAUTHZ; return SASL_NOAUTHZ;
} }
rc = slap_sasl_authorized(conn, &authcDN, &authzDN ); rc = slap_sasl_authorized(conn->c_sasl_bindop, &authcDN, &authzDN );
ch_free( authcDN.bv_val ); ch_free( authcDN.bv_val );
if( rc ) { if( rc ) {
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
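Review bot: Both call sites in slap_sasl_authorize now pass `conn->c_sasl_bindop` unchecked, and the new slap_sasl_authorized reads `op->o_conn->c_authz_backend` for its root check, which previously needed only `conn`. If this callback can ever run while the connection has no bind operation attached (not visible from these hunks), the authorization path would dereference NULL instead of returning a denial. A guard before each call would fail closed, for example `if ( conn->c_sasl_bindop == NULL ) return SASL_NOAUTHZ;`, using whichever failure code the first hunk's variant already returns. slap_sasl_authorize begins and ends outside both hunks.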


@ -490,7 +490,7 @@ CONCLUDED:
* The DNs should not have the dn: prefix * The DNs should not have the dn: prefix
*/ */
static int static int
slap_sasl_check_authz( Connection *conn, slap_sasl_check_authz( Operation *op,
struct berval *searchDN, struct berval *searchDN,
struct berval *assertDN, struct berval *assertDN,
AttributeDescription *ad, AttributeDescription *ad,
@ -509,19 +509,19 @@ slap_sasl_check_authz( Connection *conn,
assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val); assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
#endif #endif
rc = backend_attribute( conn->c_sasl_bindop, NULL, rc = backend_attribute( op, NULL,
searchDN, ad, &vals ); searchDN, ad, &vals );
if( rc != LDAP_SUCCESS ) goto COMPLETE; if( rc != LDAP_SUCCESS ) goto COMPLETE;
/* Check if the *assertDN matches any **vals */ /* Check if the *assertDN matches any **vals */
for( i=0; vals[i].bv_val != NULL; i++ ) { for( i=0; vals[i].bv_val != NULL; i++ ) {
rc = slap_sasl_match( conn->c_sasl_bindop, &vals[i], assertDN, authc ); rc = slap_sasl_match( op, &vals[i], assertDN, authc );
if ( rc == LDAP_SUCCESS ) goto COMPLETE; if ( rc == LDAP_SUCCESS ) goto COMPLETE;
} }
rc = LDAP_INAPPROPRIATE_AUTH; rc = LDAP_INAPPROPRIATE_AUTH;
COMPLETE: COMPLETE:
if( vals ) ber_bvarray_free_x( vals, conn->c_sasl_bindop->o_tmpmemctx ); if( vals ) ber_bvarray_free_x( vals, op->o_tmpmemctx );
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, RESULTS, LDAP_LOG( TRANSPORT, RESULTS,
@ -645,7 +645,7 @@ FINISHED:
* The DNs should not have the dn: prefix * The DNs should not have the dn: prefix
*/ */
int slap_sasl_authorized( Connection *conn, int slap_sasl_authorized( Operation *op,
struct berval *authcDN, struct berval *authzDN ) struct berval *authcDN, struct berval *authzDN )
{ {
int rc = LDAP_INAPPROPRIATE_AUTH; int rc = LDAP_INAPPROPRIATE_AUTH;
@ -673,14 +673,14 @@ int slap_sasl_authorized( Connection *conn,
} }
/* Allow the manager to authorize as any DN. */ /* Allow the manager to authorize as any DN. */
if( conn->c_authz_backend && be_isroot( conn->c_authz_backend, authcDN )) { if( op->o_conn->c_authz_backend && be_isroot( op->o_conn->c_authz_backend, authcDN )) {
rc = LDAP_SUCCESS; rc = LDAP_SUCCESS;
goto DONE; goto DONE;
} }
/* Check source rules */ /* Check source rules */
if( authz_policy & SASL_AUTHZ_TO ) { if( authz_policy & SASL_AUTHZ_TO ) {
rc = slap_sasl_check_authz( conn, authcDN, authzDN, rc = slap_sasl_check_authz( op, authcDN, authzDN,
slap_schema.si_ad_saslAuthzTo, authcDN ); slap_schema.si_ad_saslAuthzTo, authcDN );
if( rc == LDAP_SUCCESS ) { if( rc == LDAP_SUCCESS ) {
goto DONE; goto DONE;
@ -689,7 +689,7 @@ int slap_sasl_authorized( Connection *conn,
/* Check destination rules */ /* Check destination rules */
if( authz_policy & SASL_AUTHZ_FROM ) { if( authz_policy & SASL_AUTHZ_FROM ) {
rc = slap_sasl_check_authz( conn, authzDN, authcDN, rc = slap_sasl_check_authz( op, authzDN, authcDN,
slap_schema.si_ad_saslAuthzFrom, authcDN ); slap_schema.si_ad_saslAuthzFrom, authcDN );
if( rc == LDAP_SUCCESS ) { if( rc == LDAP_SUCCESS ) {
goto DONE; goto DONE;
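Review bot: The header comment above slap_sasl_authorized (and the matching one above slap_sasl_check_authz) still documents only that the DNs carry no dn: prefix, so the new `op` parameter has no stated contract. The body now depends on `op->o_conn->c_authz_backend` for the manager shortcut and on `op->o_tmpmemctx` when freeing `vals`, and the callers on this page pass two different things: the SASL bind operation and the operation carrying the proxyAuthz control. I would add to the comment something like `* op is the operation being authorized (the SASL bind op, or the op carrying proxyAuthz); op and op->o_conn must be non-NULL`. Both functions extend beyond the hunks shown here.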


@ -227,7 +227,7 @@ int slap_sasl_getdn( Connection *conn, Operation *op, char *id, int len,
return -1; return -1;
} }
int slap_sasl_authorized( Connection *conn, int slap_sasl_authorized( Operation *op,
struct berval *authcDN, struct berval *authzDN ) struct berval *authcDN, struct berval *authzDN )
{ {
return -1; return -1;